BugBlog Home
BJK Research Home
BJK Research Home

Did the BugBlog help you? Donate via PayPal to say thanks.

Even better, subscribe to the BugBlog Plus for even more coverage of bugs and their fixes.

Amazon Honor System Click Here to Pay Learn More

Add to Google

Jump to the BugBlog archives

Dec 06
Nov 06
Oct 06
Sept 06
Aug 06
July 06
June 06
May 06
Apr 06
Mar 06
Feb 06
Jan 06
Dec 05
Nov 05
Oct 05
Sept 05
Aug 05
July 05
Jun 05
May 05
Apr 05
Mar 05
Feb 05
Jan 05
Dec 04
Nov 04
Oct 04
Sep 04
Aug 04
Jul 04
June 04
May 04
Apr 04
Mar 04
Feb 04
Jan 04
Dec 03
Nov 03
Oct 03
Sept 03
Aug 03
July 03
June 03
May 03
April 03
Mar 03
Feb 03
Jan 03
Dec 02
Nov 02


View vintage BugNet coverage here

Cleveland-area blogs*:

Backup BugBlog

Economic Development Futures

Brewed Fresh Daily


Working with Words


Sardonic Views

Filtering Craig

Hotel Bruce


Up Yours

Kevin Holtsberry

Steve Goldberg

Red Wheelbarrow

Anita Campbell

Swerb's Blurbs

Rachel's Law

*there are more blogs in Cleveland, these are just from people I've met or know. Some of the above are actually farther away, but are bloggers I've met here.





Here is the daily bug, incompatibility or other computer problem from the BugBlog

The BugBlog is free- but if you want to help support its existence, subscribe to the BugBlog Plus. A three month subscription is only $5. XML The BugBlog uses monthly archives. All the current September bugs are here. Use the links on the left or below to jump back to past months, or use the search form.

9/29/2006 Dreamweaver Says Your Parameter Is Incorrect

Adobe says that you may get an error message in Macromedia Dreamweaver that says:
Parameter is incorrect.
(That happens to be an error message that I run into a lot in Dreamweaver.) Adobe says this may happen when you try to save a file to an offline mapped networked drive, when you do a File>New>Templates tab command, or when you Put, Get or Synchronize files to or from a remote server. (Alas, none of those situations cover my experience.) The first two can be fixed by installing the Dreamweaver 8.0.2 update. The third comes about by a corrupt time stamp. Adobe has some workaround information at http://www.adobe.com/go/fbfd45c3.

9/28/2006 Another ActiveX Problem for Microsoft

At the risk of turning the BugBlog into "All Microsoft, All of the Time" -- US-CERT reports on another bug in an ActiveX control, which will cause a security problem for Microsoft Internet Explorer. This time it is the Microsoft Windows WebViewFolderIcon ActiveX control, and because of an integer overflow a remote attacker may be able to run their code on your computer. There is no fix for Microsoft yet, but US-CERT says you can disable this ActiveX control by setting its kill bit. See more at http://www.kb.cert.org/vuls/id/753044.

9/27/2006 Microsoft Issues Early Patch for VML Bug

Microsoft has issued an out-of-cycle security bulletin (meaning they didn't wait for Patch Tuesday) for the VML Buffer Overrun bug in Microsoft Internet Explorer. This bug was being actively exploited by hostile web sites, and could completely take over your computer, as shown in the 9/26 and 9/20 BugBlogs. Get the patch at http://www.microsoft.com/technet/security/bulletin/ms06-055.mspx.

Today's BugBlog Plus has ten more bugs and fixes for Apple, Microsoft, Red Hat and Sun Microsystems.

9/26/2006 Internet Explorer VML Attacks Increasing

The Internet Storm Center reports that there is much more hostile activity targeting the VML security bug in Microsoft Internet Explorer. They say "The exploit is widely known, easy to recreate, and used in more and more mainstream websites." Actions you can take include using some browser other than IE, or deregistering the problem DLL file, Vgx.dll. They show how to do that at http://isc.sans.org/diary.php?storyid=1727, and have a further series of reports.

Today's BugBlog Plus has five more bugs and fixes for Apple, FreeBSD, and Microsoft.

9/25/2006 The Big Picture: Symantec's Internet Security Report

Symantec has released the latest version of their semi-annual Internet Security Threat Report. Targeted attacks, especially phishing attacks, are becoming more popular than broad-based attacks such as the Blaster worm. Microsoft Internet Explorer is the most targeted browser, although they say Mozilla has more bugs. Get the report at http://www.symantec.com/enterprise/threatreport/index.jsp/ (although Symantec's web servers are very busy this morning.)

9/23/2006 Red Hat Has PHP Patch

Red Hat has an updated PHP package for Red Hat Enterprise Linux 3 and 4. This fixes a number of bugs in PHP that may allow cross-site scripting attacks, or may allow remote attackers to run their own code on the server by taking advantage of buffer or integer overflows. Get the updated package at https://rhn.redhat.com/errata/RHSA-2006-0669.html.

Today's BugBlog Plus has five more bugs and fixes for Adobe, Cisco, and Microsoft.

9/22/2006 Buggy AirPorts on Power-PC Based Macs

Apple has found a couple of buffer overflow bugs in their AirPort wireless drivers. Attackers on a wireless network may be able to exploit the bugs to run their own code on your computer. According to Apple, affected products include Power Mac, PowerBook, iBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac mini computers equipped with wireless, but not the Intel-based Mac mini, MacBook or MacBook Pro. This has been fixed in the AirPort Update 2006-001 and Security Update 2006-005.

Today's BugBlog Plus has five more bugs and fixes for Apple, CA, Cisco, and Microsoft.

9/21/2006 iTunes Update Breaks QuickTime

Once you upgrade to iTunes 7 or later on your Mac OS X computer, problems with QuickTime may occur. Try to play a movie, and you may get this error message: "You need to authorize this movie to play it on this machine" Apple says that upgrading to the latest version of QuickTime should fix this. You can use Apple's Software Update for this, or go to the Apple QuickTime page at http://www.apple.com/quicktime/. This error won't affect iTunes for Windows, because that version automatically updates QuickTime.

9/20/2006 Buffer Overflow Being Exploited in Microsoft Internet Explorer

There is another buffer overflow in Microsoft Internet Explorer 6. This one occurs in the way that IE handles Vector Markup Language (VML), and will let attackers run their own code on your computer. Fully-patched versions of IE are affected, and it is reported that this bug is being used on Russian porn sites, and will probably spread. If Microsoft Outlook or Outlook Express are configured to automatically open HTML messages, they are also vulnerable. It looks like Microsoft is aiming for October's Patch Tuesday for issuing a fix. In the meantime, you can either switch to an alternative browser like Mozilla Firefox (which isn't affected), turn off JavaScript, or unregister vgx.dll. Computerworld shows how to do this at http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9003468.

Today's BugBlog Plus has ten more bugs and fixes for AOL, Apple, Microsoft, Red Hat, Sony, Toshiba, and Symantec.

9/19/2006 Microsoft Patch May Destroy Data

Microsoft says that their MS06-049 security patch for Windows 2000 may possibly corrupt some of your data in certain circumstances. The dangerous situation is when you install MS06-049 on an NTFS formatted drive and you have NTFS compression being used on some folders. If the compressed files are bigger than 4 K, they may become corrupted and unreadable. While Microsoft is working on a re-release of the patch, Windows 2000 users should turn off data compression if they install the patch, which was originally released in August, and fixes a kernel bug. See more at http://blogs.technet.com/msrc/archive/2006/09/15/456646.aspx.

9/18/2006 Internet Explorer GETs Busy

If you have the Microsoft Internet Explorer 6 Content Advisor turned on, and you visit a website with scripts, IE may send a stream of GET requests to the Web site, which will tend to bog things down. Microsoft says this happens if the scripts on the website aren't associated with any Content Advisor rules. Microsoft's only workaround is to turn off the Content Advisor. See how to do this at http://support.microsoft.com/kb/924456.

Today's BugBlog Plus has six more bugs and fixes for Apple, IBM, Ipswitch, Microsoft, Mozilla, and Opera.

9/15/2006 JavaScript Bug in Mozilla

There is a heap buffer overflow in the JavaScript Engine in Mozilla Firefox, Thunderbird, and SeaMonkey. A malicious website may be able to create a regular expression in JavaScript that could read beyond the end of the buffer, which could cause a crash or corrupting memory. This has been fixed in Firefox and Thunderbird, and in SeaMonkey 1.0.5. Mozilla credits CanadianGuy, Girts Folkmanis and Catalin Patulea for finding this Critical bug.

Today's BugBlog Plus has five more bugs and fixes for Diebold Microsoft, Mozilla, and Symantec.

9/14/2006 Flash Bugs Allow System Takeover

There are bugs in the Adobe Flash Player, along with earlier versions, that may allow a remote attacker to take control of a computer. They can do this via a maliciously-designed SWF file that they must lure you into playing. As a fix, get the latest Flash Player (or later) from http://www.adobe.com/go/getflashplayer.

Today's BugBlog Plus has six more bugs and fixes for Adobe, Apple, Microsoft, and Red Hat.

9/13/2006 Bug in Windows Pragmatic General Multicast

There is a bug in the MSMQ service in Windows 2000, Windows XP, and Windows Server 2003 that may allow a malicious user to send a multicast message that can take over a system. However, Microsoft points out that this service is not installed by default on Windows systems. If you are using this service, which also goes by the name Pragmatic General Multicast (PGM), you should get the patch at http://www.microsoft.com/technet/security/bulletin/ms06-052.mspx. Microsoft credits David Warden of NuPaper Inc. for finding this bug.

Today's BugBlog Plus has ten more bugs and fixes for Adobe, Apple, Microsoft, PHP, Red Hat, and Second Life.

9/12/2006 Critical Bug in Microsoft Publisher

This month's critical vulnerability in Microsoft Office is in one of its less popular applications, Microsoft Publisher. A remote attacker may be able to construct a Publisher file with a maliciously designed string. When this file is opened, it could trigger hostile code to be run, and the attacker could possibly take over the computer. Microsoft has a fix at http://www.microsoft.com/technet/security/Bulletin/MS06-054.mspx. Even if you don't have Publisher installed, Windows Update may offer this patch, because Publisher shares some files with other Office applications. Microsoft credits Stuart Pearson of Computer Terrorism for finding this bug.

9/9/2006 On the Road Again

Will be on the road for a few days, so updates will be light.

9/8/2006 It Will Be a Smaller Patch Tuesday

Microsoft has announced their Patch Tuesday list for September. On September 12, they will release one Critical security bulletin for Microsoft Office. There will be two security bulletins for Windows, but they are only rated as Important. There will also be two high-priority updates released via Windows Updates, and three more on Microsoft Update, but these are not security-related.

Today's BugBlog Plus has ten more bugs and fixes for Adobe, AOL, Apple, Microsoft, and Novell.

9/7/2006 Encrypted Malware a New Type of Threat

McAfee reports that they are now seeing malware that takes advantage of the EFS (Encrypting File Systems) capabilities of Windows. The encrypted files ultimately do what other trojan software does -- install a backdoor onto your system, often with a newly-created administrator login account. The encryption just adds an extra layer of defense. See McAfee's report at http://www.avertlabs.com/research/blog/?p=77 for more on how it works, and what IP addresses the malware tries to contact.

9/6/2006 ZoneAlarm Update Fixes Domestic and International Bugs

Zone Labs has released ZoneAlarm 6.5.737.000. This version clears up a bug that sometimes prevented users couldn't change the default home page in their browser. It also fixes some bugs in international versions that were either truncating text displays or causing some random crashes. If you haven't been affected by these problems, you may want to wait a couple of days before upgrading at http://download.zonelabs.com/bin/free/information/znalm/zaReleaseHistory.html, to make sure the upgrade itself doesn't have problems.

9/5/2006 New Problem for Microsoft Word 2000

Symantec is reporting a new vulnerability in Microsoft Office 2000. If you open an infected Word doc a Trojan Horse program will run and create another program, Backdoor.Femo, which will give access to your computer. There is no patch from Microsoft yet, although Symantec says that their AV software will detect it. Read more at http://www.symantec.com/enterprise/security_response/weblog/

Today's BugBlog Plus has five more bugs and fixes for Adobe, Apple, IBM, Microsoft, and Panasonic.

9/4/2006 Sony Wins the Bug of the Month

Sony wins the September Bug of the Month, because they are the manufacturer for all the Dell and Apple batteries being recalled.

9/4/2006 Outlook Printing Problems

There is a new hotfix package for Microsoft Outlook 2003 that fixes two printing bugs. The first bug may prevent email messages that are printed using the TIFF format from being saved correctly. The second bug may affect someone with two printers connected to their system. Trying to print to the non-default printer may not always work. This hotfix is for Office 2003 systems with Service Pack 2 installed. This new hotfix will be in a future service pack, but if you need it right away see http://support.microsoft.com/kb/924435.

Today's BugBlog Plus has five more bugs and fixes for Adobe, LucasArts, Novell, and VMware.

9/1/2006 Only four?

There have been a number of news stories about TippingPoint's new Zero Day Initiative's Upcoming Advisory List. This list shows when the TippingPoint alerts a vendor to a bug. The details of the bug aren't released to the public, only the company name and severity level of the bug. There's some criticism that this helps alert malware authors to potential vulnerabilities, but it's very limited help. For instance, the list says that there are four high severity bugs in Microsoft products. Is that news to anyone? (My reaction was "Only four?") On the other hand, when a company with a small number of offerings, like WinZip, makes the list, the target is narrower. See the full list at http://www.zerodayinitiative.com/upcoming_advisories.html.

Today's BugBlog Plus has five more bugs and fixes for Apple, CA, and Microsoft.





Web www.bjkresearch.com

Home | Contact | Writing | Online | News | Tips | CABE |

© 2006 BJK Research LLC